One frequent back door installed by the web site operators themselves, is the security question.
What was your first pet?
What was your mother’s maiden name?
Where were you born?
What was your first school?
These are very often what stands between an attacker and your account. Other info is used in more “serious” contexts, such as applying for a passport, or banking, but these are given out to many agencies, and crucially, never change over your lifetime. Who would countenance a single, life-long, and simplistic, password?
Give your friends a quick quiz, and find out how much of this they know already. How much of it do you know about them? Chances are, few if any know your National Insurance number off the top of their head, but they might know where you keep your household files. How many documents could they photo whilst you are in the bathroom?
You can’t choose your own NI or Social Security number, but you can choose to give fake information in response to security questions. Of course, they’re there as a backup form of access when you’ve forgotten your password, so how can you get better security without risking being permanently locked out?
No, I’m asking.